Hasil Scan Situs Internet Bank

Onno W. Purbo
Onno@indo.net.id
Tool yang digunakan
nmap
openssl
Korban
www.bi.go.id
www.bii.co.id
www.bni.co.id
www.bankmandiri.co.id
www.klikbca.com
ibank.klikbca.com

www.bi.go.id
[root@yc1dav onno]# nmap -v -sS www.bi.go.id

Starting nmap V. 2.53 by fyodor@insecure.org (
www.insecure.org/nmap/ )
Host psk.bi.go.id (202.152.5.17) appears to be up ... good.
Initiating SYN half-open stealth scan against psk.bi.go.id
(202.152.5.17)
Adding TCP port 21 (state open).
Adding TCP port 22 (state open).
Adding TCP port 20 (state open).
Adding TCP port 80 (state open).
Adding TCP port 5631 (state open).
Adding TCP port 23 (state open).
The SYN scan took 75 seconds to scan 1523 ports.




www.bi.go.id ..
Interesting ports on psk.bi.go.id (202.152.5.17):
(The 1508 ports scanned but not shown below are in state:
closed)
Port State Service
20/tcp open ftp-data
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
80/tcp open http
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
1524/tcp filtered ingreslock
2041/tcp filtered interbase
5631/tcp open pcanywheredata
6000/tcp filtered X11
12345/tcp filtered NetBus
12346/tcp filtered NetBus
27665/tcp filtered Trinoo_Master

Nmap run completed -- 1 IP address (1 host up) scanned in 80
seconds

www.bni.co.id
[root@yc1dav onno]# nmap -v -sS www.bni.co.id

Starting nmap V. 2.53 by fyodor@insecure.org (
www.insecure.org/nmap/ )
Host admin.bankmandiri.co.id (202.155.27.222) appears to be up
... good.
Initiating SYN half-open stealth scan against
admin.bankmandiri.co.id
(202.155.27.222)
Adding TCP port 80 (state open).
Adding TCP port 21 (state open).
caught SIGINT signal, cleaning up

www.bii.co.id

[root@yc1dav onno]# nmap -v -sS www.bii.co.id

Starting nmap V. 2.53 by fyodor@insecure.org
(www.insecure.org/nmap/ )
Host www.bii.co.id (202.152.2.29) appears to be up ... good.
Initiating SYN half-open stealth scan against www.bii.co.id
(202.152.2.29)
Adding TCP port 80 (state open).
The SYN scan took 332 seconds to scan 1523 ports.
Interesting ports on www.bii.co.id (202.152.2.29):
(The 1522 ports scanned but not shown below are in state:
filtered)
Port State Service
80/tcp open http

TCP Sequence Prediction: Class=random positive increments
Difficulty=411558 (Good luck!)

Sequence numbers: C24AB963 C253AB47 C265AEC6 C2796858 C28974CE
C2A5E185

Nmap run completed -- 1 IP address (1 host up) scanned in 394
seconds

http://www.btn.co.id
[root@586 onno]# nmap -v -sS www.btn.co.id

Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Host www.btn.co.id (202.147.255.18) appears to be up ... good.
Initiating SYN half-open stealth scan against www.btn.co.id
(202.147.255.18)
Adding TCP port 80 (state open).
The SYN scan took 283 seconds to scan 1523 ports.
Interesting ports on www.btn.co.id (202.147.255.18):
(The 1522 ports scanned but not shown below are in state: filtered)
Port State Service
80/tcp open http

Nmap run completed -- 1 IP address (1 host up) scanned in 284 seconds
http://www.lippobank.com
[root@586 onno]# nmap -v -sS www.lippobank.com

Starting nmap V. 2.53 by fyodor@insecure.org (
www.insecure.org/nmap/ )
Host www3.infostreet.com (206.185.24.3) appears to be
up ... good.
Initiating SYN half-open stealth scan against
www3.infostreet.com
(206.185.24.3)Adding TCP port 25 (state open).
Adding TCP port 21 (state open).
Adding TCP port 80 (state open).
caught SIGINT signal, cleaning up
[root@586 onno]#

http://www.bankmandiri.co.id
[root@586 onno]# nmap -v -sS www.bankmandiri.co.id

Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Host www.bankmandiri.co.id (202.155.27.222) appears to be up ... good.
Initiating SYN half-open stealth scan against www.bankmandiri.co.id
(202.155.27.222)
Adding TCP port 21 (state open).
Adding TCP port 80 (state open).
The SYN scan took 512 seconds to scan 1523 ports.
Interesting ports on www.bankmandiri.co.id (202.155.27.222):
(The 1520 ports scanned but not shown below are in state: filtered)
Port State Service
20/tcp closed ftp-data
21/tcp open ftp
80/tcp open http

Nmap run completed -- 1 IP address (1 host up) scanned in 515 seconds
http://www.bankdanamon.co
m
[root@586 onno]# nmap -v -sS www.bankdanamon.com

Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Host redirect.dnsix.com (64.75.34.136) appears to be up ... good.
Initiating SYN half-open stealth scan against redirect.dnsix.com
(64.75.34.136)
Adding TCP port 80 (state open).
The SYN scan took 214 seconds to scan 1523 ports.
Interesting ports on redirect.dnsix.com (64.75.34.136):
(The 1522 ports scanned but not shown below are in state: filtered)
Port State Service
80/tcp open http

Nmap run completed -- 1 IP address (1 host up) scanned in 217 seconds

ibank.klikbca.com
[root@yc1dav onno]# nmap -vv -sS -O ibank.klikbca.com

Starting nmap V. 2.53 by fyodor@insecure.org (
www.insecure.org/nmap/ )
Host (202.158.15.52) appears to be down, skipping it.
Note: Host seems down. If it is really up, but blocking
our ping probes, try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned
in 43 seconds
www.klikbca.com
[root@yc1dav onno]# nmap -vv -sS -O www.klikbca.com

Starting nmap V. 2.53 by fyodor@insecure.org (
www.insecure.org/nmap/ )
Host (202.158.15.51) appears to be down, skipping it.
Note: Host seems down. If it is really up, but blocking our
ping probes, try -P0
Nmap run completed -- 1 IP address (0 hosts up) scanned in 60
seconds

Keamanan https://ibank. ..
$ openssl s_client -host ibank.klikbca.com -port 443
CONNECTED(00000003)
depth=1 /O=VeriSign Trust Network /OU=VeriSign, Inc.
/OU=VeriSign International Server CA - Class 3
/OU=www.verisign.com
/CPS Incorp.by Ref. LIABILITY LTD.97 VeriSign
verify error:num=20:unable to get local issuer
certificate
verify return:0
---
Keamanan https://ibank. ..
Certificate chain
0 s:/C=ID/ST=Jakarta/L=Jakarta /O=PT. Bank Central Asia
/OU=Divisi Sistem Informasi
/OU=Terms of use at www.verisign.com/rpa 00
/CN=ibank.klikbca.com
i:/O=VeriSign Trust Network/OU=VeriSign, Inc.
/OU=VeriSign International Server CA Class 3
/OU=www.verisign.com
/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
1 s:/O=VeriSign Trust Network/OU=VeriSign, Inc.
/OU=VeriSign International Server CA - Class 3
/OU=www.verisign.com
/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
i:/C=US/O=VeriSign, Inc.
/OU=Class 3 Public Primary Certification Authority
---

Keamanan https://ibank. ..
Server certificate
-----BEGIN CERTIFICATE-----
MIIFiTCCBPKgAwIBAgIQNJxhVugbaLL091k1nDHipzANBgkqhkiG9w0BAQQFAD
ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVm
aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2
8m/rIsc6SA19ranlBFx0zT9AURZDDcVy12ZM9T0ZvWY5xF2frWRibYnw3zyQVC
a6cK5U0JK0T/ddqrgRggeqH8ushwef68etrEqgw=
-----END CERTIFICATE-----
subject=/C=ID/ST=Jakarta/L=Jakarta/O=PT. Bank Central Asia
/OU=Divisi Sistem Informasi
/OU=Terms of use at www.verisign.com/rpa 00
/CN=ibank.klikbca.com
issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc.
/OU=VeriSign International Server CA - Class 3
/OU=www.verisign.com
/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
---
Keamanan https://ibank. ..
No client certificate CA names sent
---
SSL handshake has read 2637 bytes and written 312 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: 850000001702595756FADE4AFEE7F652BC790CC606376
Session-ID-ctx:
Master-Key: 3CD841954D698035E5C82941F608D200929A3636CA07D
Key-Arg : None
Start Time: 991984495
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
QUIT
DONE
$

www.plasa.com
[root@yc1dav onno]# nmap -v -sS -O www.plasa.com

Starting nmap V. 2.53 by fyodor@insecure.org (
www.insecure.org/nmap/ )
Host plasa.com (202.134.0.172) appears to be up ... good.
Initiating SYN half-open stealth scan against plasa.com
(202.134.0.172)
Adding TCP port 32771 (state open).
Adding TCP port 2049 (state open).
Adding TCP port 22 (state open).
Adding TCP port 21 (state open).
Adding TCP port 111 (state open).
Adding TCP port 80 (state open).
Adding TCP port 32773 (state open).
Adding TCP port 32772 (state open).
The SYN scan took 77 seconds to scan 1523 ports.

www.plasa.com ..
For OSScan assuming that port 21 is open and port 1 is closed
and neither are
firewalled
sendto in send_udp_raw_decoys: Message too long
sendto in send_udp_raw_decoys: Message too long
For OSScan assuming that port 21 is open and port 1 is closed
and neither are
firewalled
sendto in send_udp_raw_decoys: Message too long
sendto in send_udp_raw_decoys: Message too long
For OSScan assuming that port 21 is open and port 1 is closed
and neither are
firewalled
sendto in send_udp_raw_decoys: Message too long
sendto in send_udp_raw_decoys: Message too long

Nmap run completed -- 1 IP address (1 host up) scanned in 121
seconds

www.plasa.com ..
Interesting ports on plasa.com (202.134.0.172):
(The 1506 ports scanned but not shown below are in state:
closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open sunrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
1524/tcp filtered ingreslock
2041/tcp filtered interbase
2049/tcp open nfs
6000/tcp filtered X11
12345/tcp filtered NetBus
12346/tcp filtered NetBus
27665/tcp filtered Trinoo_Master
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7
32773/tcp open sometimes-rpc9
www.plasa.com ..
TCP Sequence Prediction: Class=random positive increments
Difficulty=31064 (Worthy challenge)

Sequence numbers: 819C110D 819E6958 81A11F58 81A44188 81A613A1
81A816DB
No OS matches for host (If you know what OS is running on it,
see
http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
TSeq(Class=RI%gcd=1%SI=9335)
TSeq(Class=RI%gcd=1%SI=235DC)
TSeq(Class=RI%gcd=1%SI=7958)
T1(Resp=Y%DF=Y%W=109%ACK=S++%Flags=AS%Ops=NNTME)
T2(Resp=N)
T3(Resp=N)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=N)